[check_mysql] Credentials in MySQL .cnf files
Fabien Malfoy
fabien.malfoy at ullink.com
Fri Jun 24 17:36:30 CEST 2011
Hi,
The help message of the check_mysql plugin clearly tells there is a risk
to use the -p option, which requires to specify the password on the
command line. Indeed : any look at the process table while the check is
being processed would show the password in its plain form.
I tried to use the [client] sections of the MySQL configuration, be them
either in the system-wide or user's configuration files, which MySQL
client actually uses, but check_mysql does not seem to use their
contents. However, tracing a check_mysql run shows that (probably
because it uses the libmysqlclient library) opens and reads each .cnf
file of MySQL, even the user's one.
I did not find any documentation regarding this capability. So I do not
know if it is finally not possible to do this way, if this is a known
bug being corrected, or if I this is possible but I am doing wrong.
I also found articles on the web talking about the $USERn$ macros. I
understand that using these would help to secure password storage by
setting restrictive permissions on the resource configuration files
defining them, but what about the appearance of the plain password in
the process list ?
I would very appreciate some explanation and advices by those who
already faced the same requirements.
Thanks in advance.
Regards,
--
Fabien Malfoy
Systems engineer - Ullink
23 rue de Provence - 75009 Paris - FRANCE
Phone: +33 (0)1.44.50.77.55 - 2108
E-mail: fabien DOT malfoy AT ullink DOT com
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense..
http://p.sf.net/sfu/splunk-d2d-c1
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list